AWS Integration

Connecting your AWS account is the core step that unlocks the Amnic agent experience. Once AWS is connected, Amnic begins ingesting your billing data and makes the Tasks, Reporting Agent, and system-generated reports available.

AWS is currently the only supported integration. Support for other cloud providers will be added soon.

Connection Methods

Amnic supports three AWS integration methods, and each method begins the setup in the same place. The main differences are at the start (what input you provide) and in the level or speed of data availability.

1. New CUR (Recommended)

Creates a new Cost and Usage Report automatically through CloudFormation. This method provides the richest dataset and ensures the CUR is created with optimal settings.

2. Existing CUR

Connects an already-configured CUR in your AWS account by providing the Report Name. All other configuration is detected automatically during validation.

3. Quick Connect

Uses AWS Cost Explorer API for fastest setup. Data is available almost immediately but is less detailed than CUR-based methods and does not support multi-account ingestion.

What You’ll Need

Before starting the AWS integration, make sure you have the following:

  • Access to the AWS account you want to connect

  • Permission to deploy CloudFormation templates in that account

  • (For Existing CUR) the exact Report Name of your existing Cost & Usage Report

  • Awareness of the read-only permissions that Amnic will request during setup, depending on the method you choose:

New CUR

Amnic will request read-only access required to:

  • Create an encrypted private S3 bucket for CUR delivery

  • Allow AWS Billing to write new CUR files

  • Allow Amnic to read CUR files using an IAM Role protected with an ExternalId

  • Access Cost Explorer data (cost, usage, tags, forecasts, savings plans, reservations, rightsizing, and commitment analysis)

  • Access Anomaly Detection APIs

  • Access Compute Optimizer recommendations

  • Read account and organization metadata for cost analysis

  • (Optional) Read resource-level data from EC2, RDS, Lambda, ElastiCache, CloudWatch, and Tags

  • Receive S3 event notifications for new CUR files

  • Use callback permissions for deployment status (no resource-level access)

Existing CUR

Amnic will request read-only access required to:

  • Read your existing CUR configuration (DescribeReportDefinitions)

  • Access your existing CUR bucket and files through a secure IAM Role + ExternalId

  • List and read CUR objects in the S3 bucket

  • Access Cost Explorer APIs (cost, usage, tags, forecasts, Budgets, Anomalies, Reservations, Savings Plans, Compute Optimizer, and commitment analysis)

  • Read account and organization metadata

  • (Optional) Read resource-level data from EC2, RDS, ElastiCache, Lambda, CloudWatch, and Tags

  • Receive S3 event notifications for CUR delivery

  • Use callback permissions for setup status (no resource access)

Step-by-Step Setup (Shared Flow for All Methods)

All connection methods follow the same core setup process after the initial selection. This section walks through each step, highlighting only the method-specific differences where relevant.

Step 1: Open the AWS Integration Wizard

In Amnic:

  1. Go to Integrations

  2. Click Add AWS Account

You will see the three AWS connection methods.

Step 2: Select a Connection Method

Choose between:

  • New CUR

  • Existing CUR

  • Quick Connect

Method-specific inputs at this step:

New CUR

No additional information is needed unless the UI prompts for a report name. If prompted, enter a descriptive name for the new CUR that CloudFormation will create.

Existing CUR

Enter the Report Name of your existing Cost and Usage Report.

Quick Connect

No inputs required. You proceed directly to the next step.

Step 3: Review Required Permissions

Amnic displays the read-only IAM permissions that will be granted through the CloudFormation stack.

These permissions allow Amnic to read:

  • CUR data (if applicable)

  • Account metadata

  • (If present) Kubernetes split cost data

  • Cost Explorer results (for Quick Connect)

Review the information, then click Next.

Step 4: Deploy the CloudFormation Template

All three connection methods require deploying a CloudFormation stack. This stack creates the IAM role and related configuration needed for Amnic to read your AWS data.

Click AWS Console to launch the AWS Console with the template pre-filled.

In AWS:

  1. Review the template details

  2. Confirm the permissions

  3. Deploy the stack

  4. Wait until the stack reaches CREATE_COMPLETE

Keep the AWS page open until stack creation is finished.

Step 5: Return to Amnic

Once the CloudFormation stack begins deploying, return to Amnic.

The integration card switches to Connecting…, and Amnic automatically begins validating the setup.

No manual refresh is required.

Step 6: Validation and Health Checks

After the stack deploys and AWS begins delivering data, Amnic performs several checks:

  • Access to the S3 bucket

  • Access to CUR files (for CUR-based methods)

  • Access to Cost Explorer API (for Quick Connect)

  • File format and CUR metadata (New CUR & Existing CUR)

  • Resource ID availability (if provided by AWS)

Successful validation updates the integration card to Connected, and the Health Report becomes available.

When Data Starts Becoming Available

Once AWS accepts the CloudFormation stack and begins delivering data:

  • Within 10-15 minutes

Amnic prepares your system-generated reports using whatever data is immediately available.

  • Within 30-60 minutes

Amnic begins full ingestion of billing and usage data for the Tasks, Reporting Agent, and specialized FinOps agents.

These features begin responding as soon as the first datasets arrive.

During this period, you can continue using the workspace or inviting members while AWS finishes delivering data.

Multi-Account Support

Multi-account ingestion is supported only when using:

  • New CUR

  • Existing CUR

Each AWS account must have its own CUR.

Quick Connect does not support multi-account ingestion.

If the same AWS account is connected a second time, Amnic surfaces a clear duplicate-account error.

Error Handling

If something goes wrong during the integration, Amnic shows a specific error state directly on the integration card. These states help you identify what happened and what you need to fix before continuing.

CloudFormation Stack Failure

If AWS fails to create the CloudFormation stack, Amnic displays a stack-failure message.

You can open the AWS Console to view the failed resource and re-run the deployment after resolving the issue.

Parent-Child Account Conflict

If the connected AWS account has a parent or child account already connected, Amnic warns you or blocks the action depending on the type of conflict.

Same Account Connected Twice

If the AWS account is already connected in another Amnic organization, Amnic surfaces an error indicating the account cannot be reused.

Insufficient Permissions

If the CloudFormation stack did not grant the required permissions, Amnic shows a missing-permissions error and provides a link to resolve it.

This usually requires re-deploying the CloudFormation stack with the correct IAM permissions.

User Aborts the Integration

If you close the AWS Console or exit the setup flow:

  • If the stack was created:

Amnic asks whether you want to reuse the existing stack or roll it back.

  • If the stack was not created:

The integration card switches to a failure state with a retry option.

No Stack Created

If you opened AWS but never deployed the stack, Amnic automatically resets the integration and prompts you to reconnect.

Integration States in Amnic

The integration card uses clear status indicators so you can track progress:

Connecting…

Stack is deploying or Amnic is waiting for AWS data.

Connected

Setup is complete, and Amnic is actively receiving data.

Needs Attention

Detected configuration issues such as missing fields, insufficient permissions, or duplicate accounts.

Failed

CloudFormation or permission errors that require action.

Each card also provides access to:

  • Health Report

  • Audit Logs

  • Overflow menu for removing or revalidating the connection

Health Report

The Health Report surfaces validation results, including:

  • Whether data is being delivered

  • CUR format and completeness (for CUR-based methods)

  • Resource ID visibility

  • Availability of other required fields

  • Any specific warnings or issues detected

This helps you quickly identify misconfigurations or missing data.

Audit Logs

Audit Logs provide deeper insight into how Amnic is receiving your AWS data. Logs include:

  • Individual CUR fetch attempts

  • Success or failure reasons

  • Status timestamps

  • Metadata such as S3 path, compression, and version identifiers

This is especially helpful when diagnosing delivery delays or configuration issues.

What Happens After Integration

Once AWS is successfully connected:

  • System-generated reports begin appearing automatically

  • The Tasks becomes operational and starts using your AWS data

  • The Reporting Agent unlocks for custom and AI-assisted dashboards

  • Specialized FinOps agents become available as soon as their required data is present

From this point, you can begin exploring your environment, asking questions, and building dashboards or reports powered directly by your AWS data.

PreviousGetting Started with AmnicNextTasks

Last updated